HostedPCI understands that not every Merchant can change their entire collection process to support our iFrame solution, however they would still like to reduce their PCI scope by not needing to store the credit card data. In order to support these needs, HostedPCI provides the ability to tokenize a credit card through an API after it has been collected by the Merchant. This service allows Merchants to keep their existing checkout page without the need to store or exchange the credit card after it has been collected.

Once the merchants have collected the credit card through their own checkout page or over the phone they can send this information to HostedPCI via an API call in order to retrieve the token. HostedPCI will replace the PAN with a desensitized token that shares the first 4 and last 4 digits of the credit card and the other 8 digits are randomly selected. This combination can be customized according to the merchants’ needs. Once the tokens are generated they are used for all other payment transactions while the original credit card PAN is stored securely in HostedPCI’s vault. Each merchant gets their own designated vault.